In 2025, I invested as an angel through the Ada Angels program, backing pre-seed companies in Denmark aligned with Ada Ventures’ thesis on healthy aging, climate equity, and economic empowerment.  Portfolio Companies Healper 🌐https://healper.dkMarketplace connecting psychologists/therapists to patients. Sourced through another angel in the Ada program. Why I invested: This was my first deal under […]

Twitter's descent into a gutter of the lowest order has been wrenching:

Elon Musk’s Grok and the Mass Undressing Scandal

As I draft this, a week later, it appears pressure from civil society, investigations by regulators, and outright bans on multiple continents have forced Musk to back down to an uncertain degree.

As this scandal roiled, Twitter's apps have been continuously available in Google's Play and Apple's App Store, marking new lows in moral cowardice and non-enforcement of the duopolist's own policies.

Now we sit on tenterhooks, wondering if the worst has actually passed. What outrage the will the valley's billionaire man-children unleash next? Meanwhile, we brace for this episode to embolden censorious authoritarians keen to suppress a free press and legitimate speech they dislike.

This is the backdrop to Elizabeth Lopatto's must-read denunciation in The Verge:

It is genuinely unbelievable to me that I wasted hours of my actual life on a court case where Apple explained it needed total control of its App Store to protect its users. Total control of the App Store was Apple’s main argument against antitrust enforcement: The company insisted that its monopolistic control of what users could install on their phones was essential to create a walled garden where it could protect children from unsafe content.

Ha! Ha ha ha!!

— Elizabeth Lopatto,
"Tim Cook and Sundar Pichai are cowards, The Verge"

Failure to react to the “everything app” going all-in on abuse of women and girls for weeks reveals the illegitimacy of their mobile monopolies¹; anyone pretending otherwise is a fool or a dupe.

We don't need to guess why they sat on their hands.

Acting against Musk's abusive apps might put Apple and Google out of favour with an erratic, power-tripping administration which in turn could impact short-term business prospects. Their stated principles are incompatible with maximizing shareholder value under competitive authoritarianism.

Recall that both firms lent their monopolies on software distribution to ICE, citing the implausible claim that federal agents are a “vulnerable group.” The undressing scandal is the same choice in relief.

Facilitating the unthinkable at the behest of administration allies pays homage to power through obscenity. If they offend Musk…who knows what could happen? So maybe let it play out; let others take the heat. Surely somebody will do something. The internal monologue of the quisling scarcely needs exposition.

And so abuse at scale was amplified through their channels, against their own policies, for weeks.

Vertigo

The duopolist's justifications for monarchical app stores have always been bullshit, top to bottom, stem to stern.

App stores are not sui generis; they're just programs that install other programs, and "apps" are whatever the OS says they are.

As Cory Doctorow observed:

Apps interact with law in precisely the way that web-pages don't. “An app is just a web-page wrapped in enough IP to make it a crime to defend yourself against corporate predation”

It sure looks like Apple and Google failed to protect women and girls in order to preserve the rents they extract from the ecosystems these IP wrappers give them control over.

Gatekeepers like to point out that the wrapper comes with treats — business-critical capabilities and services that OS vendors lock behind proprietary APIs — but this is misdirection.

Web apps could provide safe, privacy-enhancing versions of every capability they currently reserve to native apps, and the duopolists know it. In an earlier era, open platforms chewed up proprietary features and spat out interoperable standards to cover the most useful 80% of that ground safely, and under open licences. This reduced lock-in for both developers and users which, in turn, forced incumbents to innovate.

Today's gatekeepers are desperate to keep that from happening again. It would upset the entire rentier model.

That's why Apple has worked furiously to keep APIs away from browsers through legal wrangling and subversion of standards. Cryptography and lawyers have also been enlisted to keep other programs-that-install-programs out and a safe, powerful open web at bay. Without those shields, we'd see the deeper failures clearly.

Consider the justifications Apple and its merry band of astroturfers trot out like clockwork to delay browser choice. Cupertino argues it must exclusively control browsers and software distribution to:

• Ensure device security
• Prevent frauds and scams
• Provide a bulwark for privacy
• Simplify software acquisition and distribution
• Keep a lid on the most objectionable content

Now we see clearly that protection on the last point comes not from the stores, but from civil society and governments. This insight provides a template: each justification is an admission; misdirection to cover culpability.

Let's take it from the top.

The Security Argument

Stores don't ensure security, runtimes do.

Operating systems and browsers — the platforms that sandbox code and mediate permissions — protect users to the extent they're designed to; app stores are just overwrought “beware of dog“ signs meant to scare off easily intimidated ne'er-do-wells. It's no surprise that whenever app stores are trusted with the role, a trail of harrowing failure follows.

This unearths the lie behind the obfuscation: iOS and Android didn't create stores to deliver unheard of security — iOS 1.0 already did that by forbidding unsafe native code, replacing it with an upgraded web² — no, the gatekeepers built the app stores because their OSes are insecure platforms for native apps. When mobile apps were web apps, the presumption of safety reigned. Alas.

Retreating from safety dovetailed with retreat from safe, open, interoperable computing in other ways. It's no coincidence that Apple backed away from adding safe, open, and interoperable capabilities to the web at the same moment it realised it could tax native apps extortionately.

App stores are marketing answers to a brand-promise problem: what to do about a hole below the water line that Product and Engineering aren't just failing to patch, but are enthusiastically expanding instead?

The whole facade of the duopolist's power hinges on the false claim that stores create security. Without the need to paper over the disaster of carelessly dispensed power tools, none of the rest of the services the stores provide could be justified; certainly not at the ruinous prices they demand.

More recent, chest-thumping pronouncements need to be evaluated in the same light. These aren't heroic explorers of new frontiers, they're embarrassed students bluffing book reports for tomes they didn't read.

Instead of protecting us, app stores reward platform vendors for security failure and foster centralising, anti-Open Source ecosystems. Open societies cannot abide closed platforms that assert ownership of this much of our lives, particularly not when claims of security are based on misrepresentations.

Frauds and Scams

In the narrow conception, the app stores are feckless. Taking a wider view, they're complicit. Enabling, even.

Under a strict definition of “fraud," the track record of app stores is abysmal. Take just one recent example: while loudly proclaiming to protect users from scams, Apple simultaneously facilitated wide-scale app impersonation at the launch of Sora. This failure isn't a one-off, either. Bald-faced imposters are a long-running problem for stores that pretend to both users and developers that they protect from exactly these sorts of scams.

For its part, Google routinely facilitates shocking amounts of ad fraud via Play. Stores also failed to catch clearly fraudulent fronts for sanctioned Russian banks. This is just the tip of the proverbial iceberg.

If we widen the aperture to let in adjacent classes of user abuse, the situation looks immeasurably worse.

Apple's policies purport to disallow use of the ultra-low-friction IAP systems for gambling:

5.3.3 Apps may not use in-app purchase to purchase credit or currency for use in conjunction with real money gaming of any kind.

This text is lawyered to sound like a curb on gambling addiction's worst effects. In reality, it's designed to facilitate the predatory “gambling lite” systems Apple and Google gleefully fostered.

For most of the mobile duopoly's existence, the primary revenue driver has been the problematic, gambling-adjacent behaviour of “digital whales” in so-called “casual games.”

And don't imagine the wilfully predatory behaviour is limited to adults. By allowing “bait apps” — even after previous FTC settlements that should have forbidden them — the app stores have shown us the duopolist's true colours. Serial disregard for the financial health of users is literally baked into their model.

This is the rotten core of mobile app stores. Understood in POSIWID terms, they exist to tax casinos that exploit gambling addictions of vulnerable users.

Privacy

App stores safeguard privacy the way packs of wolves safeguard flocks of sheep.

The only appropriate response to the two-faced, duplicitous claims by Apple and Google towards privacy in recent years is incandescent rage.

I've covered before how Apple's posturing against Facebook is nothing but kayfabe and how Cupertino's privacy arguments regarding alternative browsers are steaming piles of illogical nonsense.

In reality, our privacy problems have been multiplied by Apple and Google.

It was the duopolists that created APIs for persistent background access to your contacts, calendar, location, radios, battery levels, and much else besides. It was the duopolists that then turned around and claimed credit for incrementally curbing the worst abuses of the APIs they themselves handed out like candy. Remember, they added these easily-tracked features knowing full well they would be abused.

How do we know they knew better? Both exposed shocking amounts of information about users to all comers after building browsers that protected from these very risks. Both had past form building web APIs that expanded platform power more thoughtfully. Caution was thrown to the wind by the very folks that now demand credit for remediating tiny patches of the superfund sites they created.

It was the duopolists who handed those APIs to native apps from shady publishers like Facebook with less-than-thoughtful controls. And it was these very companies that failed to police even their mildest policies.

And these same trillion-dollar market-cap firms simultaneously declined to do the one thing that had a chance to dramatically improve privacy: using their incredible lobbying capacity to forcefully call for privacy regulations worth a damn. Instead, they prefer a market structure where they can posture against each other over problems they jointly exacerbate.

And they have got away with it. Their press and product shops are keenly aware reporters don't understand privacy deeply enough to call their bluff, and that so-called privacy experts will clap as loudly for symbolic gestures as for fundamental change.

Humiliatingly for the fourth estate, Cupertino and Mountain View's self-issued privacy participation prizes were never questioned. Indeed, credulous journalists continue to shower them with praise for steps away from the very worst excesses best measured in angstroms.

Recently, Apple have been allowed to take credit for foisting responsibility onto users while Google has faced no sustained questioning for just giving up, having never launched anything at all to structurally curb Android abuses.

Cynics might be inclined to think this was very much the point.

POSIWID shows that monopolies on apps-that-install-apps exist to squash competition, not to preserve privacy. Apple's not trying to keep alternative browsers off of iOS because browsers track users, they're keeping better browsers out because they could provide an alternative that doesn't.

Software acquisition and distribution

You know what the easiest way to get an app is? Clicking a link.

Apple literally pioneered this model with iOS 1.0, only to walk away from it a year later when it chose to carelessly expose overpowered, unsafe-by-default APIs with the hurried introduction of native apps. Throwing away privacy and security made software harder to build and distribute, too, but deposited power over developers with OS gatekeepers. Over time, the power to tax those developers became addictive.

A more secure and privacy preserving model is still possible but the duopolists continue to suppress it. I can't speak out of school about all the ways Android and Play mirrored Apple's underhanded tactics to suppress PWAs, but suffice to say it was a lot.

Industrial-scale suppression of safe, privacy-respecting platforms has been packaged up in florid terms as an advantage for developers. Except developers hate mobile app stores. But you don't have to take my word for it.

Given the choice, developers would do exactly what the gatekeepers do when constructing billing, distribution, and marketing systems: shop around in an open market, based on standards-oriented technologies, and select the best fit for their needs.

This is exactly the model that gave rise to the web and to web search. Discovery for web apps isn't impossible without omnipotent app stores; it isn't even hard. If we can build search engines for web pages, we can also highlight sites that are installable. None of this is magic, and none of it requires a 30% take from the developer's budget.

Content Moderation

For the sake of completeness, we should stipulate that an end to app stores would not meaningfully change the content moderation landscape.

We now have a powerful example of this counterfactual thanks to the Twitter/Grok episode. There is no safety to be lost when we replace the gatekeeper's stores with a powerful, open, interoperable web. Mobile app store proprietors stand for nothing but profit and can be counted on only to defend their take. Good riddance.

The Rot of “Who Should Rule?”

Before the 2024 US elections, tech titans were well-enough advised to know which way the winds were blowing. But that did not stir them to defend truth, the rule-of-law, or even the employees that enabled their success. Instead, they hurried to capitulate. Today they sponsor coup-excusers pay vigs, grovel to people they surely loathe, and fund the literal destruction of America's institutions.

This month's failure to stand up for basic decency is just another link in that chain.

Having narrowed the running to two choices, mobile's masters always ask us to consider governing our phones through the authoritarian frame of "who should rule?"

But these aren't our only choices. As Popper retorts, the better question is "How can we so organize political institutions that bad or incompetent rulers can be prevented from doing too much damage?"

This isn't purely a political question, but applies to all of society's power structures. The callous indifference of the app store's billionaire managers (1, 2) when faced with an even moderately difficult call tells us that they cannot be trusted; this was the test, and the mobile overlords failed by their own terms.³

What's left for the rest of us to take on is how we dismantle the mechanisms our misplaced trust helped them build. This will not be easy, and an insightful commenter at The Verge restates the core problem:

This is true and fantastic reporting and why we need to pay for The Verge.

But, it begs the question, what do we do?

Do we opt out of the tech of the modern world to protest? Commitment to values isn’t what we talk about, it’s what we are willing to give up. A key problem is that we don’t have any real competition vs Apple or Google as platforms if we want to exist in the modern world or even have this conversation.

You can’t (easily) read this or participate from a Kobo or Lightphone. Anyone have any suggestions?

I dropped off Twitter and Meta, but I’m running out of options.

— Anonymous commenter,
"Tim Cook and Sundar Pichai are cowards, The Verge, Comments"

We aren't going to get anywhere by throwing our iPhones and Androids into the sea.

Credible, incremental steps that remove power from the gatekeepers are now demanded, and as I have previewed throughout this piece, the open web is that next step. It has all the properties we need to attenuate misgiven power: no single vendor control, based in standards, multiple OSS implementations, and most of all, portability.

The web is an abstraction that holds the power to liberate our computing in-situ, removing superfluous gatekeepers from the loop an increasing fraction of the time. As use of the web grows, so do the prospects for alternatives OSes and hardware ecosystems. They know this, and that's why they're trying to keep the web from winning.

Moving our computing to browsers and web apps won't protect us from Musk, but neither will Apple or Google.⁴ Now that we know that, we can at least start to claw back at the corrosive power of monopolists in our pockets by building for a future that doesn't depend exclusively on them.

FOOTNOTES

1. Some folks like to continue to pretend that the mobile duopoly still includes any serious competition for either player. I assume those people are paid to review phones for a living.

   As I outlined in this year's instalment of the Performance Inequality Gap series, the mobile market is actually two distinct markets: iOS for the rich, and Android for the rest. The average price for iPhones is hovering nearly $1K, while the average Android costs $300 new, unlocked. There is no functional competition between these ecosystems, and though they'll never admit it, that's a situation the duopolists are more than comfortable in, even if they don't particularly love it. ⇐

2. ChromeOS introduced the same safe-by-default model to desktop computing several years later. In both cases it was necessary to aggressively expand the web platform's capabilities to support the sorts of applications that users and developers needed, and in both cases that effort was successful. But both Apple (and to a lesser extent, Google) backed away from that strategy when it became clear that fundamentally unsafe, wickedly overpowered platforms were a hit with developers of viral apps. What followed has been 15+ years of papering over the inherent flaws in the model and shifting blame for the mobile platform maker's own predictable (and predicted) failure to keep users safe. ⇐

3. If it always falls to civil society and regulators to protect women and girls from Elon Musk and his Trumpian alliance, what is the point of Tim and Sundar? Of Play and the App Store?

   And if their policies are just fig leaves to justify rent extraction, why should any regulator listen to anything they say?

   These questions should be hair-on-fire in the capitols of still-functioning democracies. ⇐

4. It is not the most offensive thing about this episode by a country mile, but I am driven to distraction by how unbelievably stupid Apple and Google have become.

   Did Tim and Sundar really think that, having sniffed weakness once, Trumpist shake downs would pass them over the next time a pro quo could be extracted for the quid?

   Did they not understand that by participating in oligarchy they signed on to authoritarianism?

   Did they really fail to calculate that capitulation didn't lower their risks, only centralised them?

   This was all predictable. You don't have to look as far as Russia to understand that autocrats grant temporary loans of state power towards undemocratic ends to create leverage for themselves, not the borrower. And whatever the price, autocrats never stay bought.

   Everyone but the smartest people in the room knew that domination is a ladder, and now we're all paying the price. ⇐

It wasn’t until the end of our chat that I learned her name.

We made another short film last year. Here's the "back of the DVD case" pitch:

Penny's back, and so's the Red Button, thankfully right where she left it. But who's this Giant? And why's he so cute?

Red Button II: The Giant of Belvedere is 2025 Belvedere Home-Made Film Festival Official Selection

A Harrington Production

• Tavie Harrington - "Penny"
• Bear Harrington - "The Giant"
• Carly Harrington - Hair, Makeup, Costume
• Charlie Harrington - Writer, Director, Composer, Editor

My favorite moment of the film festival when Tavie received her filmmaker's participation statue:

"I can't believe I won my first trophy!"

Watch the 3-minute film now:

I love having this continuing, annual project with Tavie (and now Bear, too). She keeps bringing it up, bursting with ideas for the next one.

Another thing I've been trying to do is learning one new movie-making technique each year, and then use it as a major part of that year's film. The first year was "reversing" a clip -- hello, Red Button's time travel mechanism. This year was green screen. I borrowed some green screens (aka sheets) from the local library and then we did our best to rig up Bear's bedroom like The Mandalorian's The Volume. After some hilarious (out)takes, I fired up YouTube Shorts and spend 25 seconds learning how to use DaVinci Resolve just enough to do the green screen clips. What a world. You can definitely tell that I'm doing this with less than a minute's worth of training with the Giant's glowing green hair, but I'm still blown away by how YouTube can teach you literally anything in less than a bathroom break.

I also tried to create a storyboard this year:

Would be fun to try some actual storyboarding software for 2026. Which reminds me to also look into comic book / graphic novel software, because Tavie's getting really into Dog Man at the moment.

Some other highlights

• Bear!!
• My mom (Tavie and Bear's Nana) visited from NJ and came to the film festival
• Getting clips and fake interviews with random park-walkers who happened to notice my "edits" to the historical plaques to incorporate the history of the Giant (watch the film to know what I'm talking about).

Making movies is fun!

Penny will return in 2026.

But will the Giant?

New startup (minimally funded) nonprofits cannot solve systemic issues. They can raise awareness around these issues. They can pilot new and innovative ways to address them. But longevity is nearly impossible without a committed capacity-building fund and/or a capital engine. Philanthropy creates harm to these new nonprofits by funding them without also creating strong pathways […]